12 Replies Latest reply on Jul 14, 2009 11:04 PM by boomerbrian.brian.abston.featurenotbug.com

    identity.logout doesn't work on IE

    acdias

      Hi,


      I created a new Seam project in JBoss Tools and it created the security code for me, but in IE, logout doesn't work. When I trigger the logout action it doesn't destroy the user from session.
      In my components.xml



      <security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true" />




      My Authenticator class



      @Name("authenticator")
      public class Authenticator {
           @Logger
           private Log log;
      
           @In
           private Identity identity;
           @In
           private Credentials credentials;
           @Out(scope = ScopeType.SESSION, required = false)
           private User user;
           @In("#{userDao}")
           private UserDAO dao;
      
           public boolean authenticate() {
                log.info("authenticating {0}", credentials.getUsername());
                dao.setEntityClass(User.class);
                user = (User) dao.findById(credentials.getUsername(), GenericDAO.GET_MODE.GET);
                if (user == null)
                     return false;
                if (user.getFuncionario() == null)
                     identity.addRole("admin");
                else
                     identity.addRole("user");
                return true;
           }
      }



      And my logout link



      <s:link view="/index.html" action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" propagation="none"/>



      When I click in logout, it goes to index.html but the the session remains in IE. In Firefox, it works fine.


      Thanks.

        • 1. Re: identity.logout doesn't work on IE

          For me, it does not work in any browser, for it to work I have to run a redirect after I logout.

          • 2. Re: identity.logout doesn't work on IE

            To logout first I do:


            <s:link view="/loggedout.xhtml" action="#{identity.logout}" rendered="#{identity.loggedIn}"/>
            



            and then in loggedout.xhtml I do:


            <meta http-equiv="Refresh"
                 content="0; URL=#{facesContext.externalContext.requestContextPath}/login.seam" />
            



            That is the only way I found that works.

            • 3. Re: identity.logout doesn't work on IE
              acdias

              You didn't understand. The problem its not about redirect or what page it goes after the logout. The problem occurrs only in IE. When I click in the link, it should destroy the user session in logout method, but in IE it doesn't do that. It simply doesn't logout. If I go to a restrict page after logout I can access, because the user session is still there (in IE).


              thanks for helping.

              • 4. Re: identity.logout doesn't work on IE

                Augusto César Dias wrote on Apr 24, 2009 02:20:


                You didn't understand.



                Maybe but... :-P



                The problem its not about redirect or what page it goes after the logout. The problem occurrs only in IE. When I click in the link, it should destroy the user session in logout method, but in IE it doesn't do that. It simply doesn't logout.



                For me, it works... to solve exactly that problem, the redirect triggers the destruction of the session so to speak. Did you even try my solution?



                If I go to a restrict page after logout I can access, because the user session is still there (in IE).



                Yes, that is what happens, unless you do as I say and do a immediate redirect after logging out. It seems that somethings in Seam do not actually occurr (like Conversations ending or session destruction) until you redirect. Don't ask me why, it just works that way.




                thanks for helping.

                • 5. Re: identity.logout doesn't work on IE
                  acdias

                  I don't know what happens, but when I redirect to a HTML page, it doesn't destroy the session, but when I redirect to a XHTML view it works fine...


                  Thanks for helping.

                  • 6. Re: identity.logout doesn't work on IE

                    Just to be clear on this... my trick solved your problem?

                    • 7. Re: identity.logout doesn't work on IE
                      acdias

                      Yeap. Thanks a lot!

                      • 8. Re: identity.logout doesn't work on IE
                        pgmjsd

                        Francisco Peredo wrote on Apr 27, 2009 21:18:


                        Just to be clear on this... my trick solved your problem?

                        I didn't have to do that, and the logout button works fine in IE.


                        <h:commandLink action="#{authenticator.logout}" immediate="true">
                                                                #{msgs.button_logout}
                                                            </h:commandLink>



                        I think the problem you are trying to work around is the fact that <s:link> does a GET request and thus does a different JSF lifecycle.   I chose <h:commandLink> because it does the full JSF cycle.

                        • 9. Re: identity.logout doesn't work on IE

                          Joshua Davis wrote on Apr 29, 2009 05:59:



                          Francisco Peredo wrote on Apr 27, 2009 21:18:


                          Just to be clear on this... my trick solved your problem?

                          I didn't have to do that, and the logout button works fine in IE.

                          <h:commandLink action="#{authenticator.logout}" immediate="true">
                                                                  #{msgs.button_logout}
                                                              </h:commandLink>



                          I think the problem you are trying to work around is the fact that <s:link> does a GET request and thus does a different JSF lifecycle.



                          I am no JSF expert, so I don't completely follow you here... what you mean is that authenticator.logout is incompatible with s:link? And that is because authenticator.logout only works if called by a POST ? I think this GET incompatibility should be reported as a JIRA issue... do you agree?



                            I chose <h:commandLink> because it does the full JSF cycle.



                          So... can you offer insight on why my workaround works? does it complete the JSF cycle?

                          Could this difference in behaviour be the reason for me feeling that the way conversations begin and end is subtly but unequivocally altered by the kind of interaction used to begin or end them?




                          • 10. Re: identity.logout doesn't work on IE
                            pgmjsd

                            Sorry I'm being vague about it.   I'd have to step through with the debugger to repro your issue and then switch it to my example to what is happening.   Unfortunately I don't have the time to do that at the moment.


                            Anyway, way back when, I was implementing this kind of thing in our app and I remember that it had something to do with the order in which things happened with <s:link> vs <h:commandLink>.


                            Is it a bug?  Maybe... It might be one of those things that is a subtle side effect of some JSF-isms that Seam has to deal with.

                            • 11. Re: identity.logout doesn't work on IE
                              cash1981

                              I tried this, and this didn't work for me.


                              I can still view the pages if I paste the url even though I shouldnt be able too.
                              I have tried with commandLink. Maybe that will work. Will test tomorrow.

                              • 12. Re: identity.logout doesn't work on IE
                                boomerbrian.brian.abston.featurenotbug.com

                                Below worked for me.


                                       


                                <!-- End the conversation on logout -->
                                        <page view-id="*">
                                                <navigation from-action="#{identity.logout}">
                                                <end-conversation before-redirect="true"/>
                                                        <redirect view-id="/login.xhtml" />
                                                </navigation>
                                        </page>